Abstract:
Conventional cryptography relies on keys stored in the device. Whenever the key is
needed for use in a cryptographic service, a stored key or template is used. The problem with
stored keys is that they can be stolen; hence a novel root of trust is needed that can generate a
key at run time and does not rely on storage of the key or template. To generate keys at run time,
a physical root of trust can be considered in the form of a Physically Unclonable Function (PUF).
Using the concept of a PUF, a unique ID of the device can be created from the device's physical
characteristics. Being rooted in the physical world means that extracting or guessing the device
identity requires considerable effort on the part of the adversary, as physical access to the device
may be required along with access to specialized hardware or a specialized environment.
Fundamentally, a PUF is a challenge-response mechanism that is rooted in the physical realm. A PUF
receives a challenge
and a corresponding response is generated. Once processed the generated response is provided to
the PUF cannot be reproduced by any other device due to unique inherent physical features of
the device. This unique response serves as the fingerprint of the device. In this study, physical
features of MEMS sensors are studied in detail in order to generate a fingerprint that can
serve as the identity of the device. Neither the fingerprint of a device nor any associated PUF
data is ever stored or maintained in a database. Thus, only the correct device is able to generate
the correct PUF identity of that device. This research makes major contributions towards creating a
PUF identity that is entirely based on inherent device features. Firstly, a range of device features
has been identified, some of which are device encoded while others are extractable via the device's
operational profile. The second major contribution of the thesis is a statistical analysis of the
data generated by MEMS sensors, carried out to prove that the selected features are
unpredictable, regeneratable and particularly stable for use in cryptographic operations. Lastly,
two authentication schemes are presented that can be used for the authentication of 𝑃𝑈𝐹𝐼𝐷 so
that devices can authenticate and communicate with each other.